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DETAILED ACTION 



1. 



This is in response to Pre-Appeal Brief filed on April 22, 2010. 



2. 



Claims 10-12, 14, 17 and 20-25 are pending. 



35 USC §103 



3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

Claims 10-12, 14, 17 and 20-25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Joseph et al. (US 6,966,003 Bl, hereafter " Joseph ") in view of Bahl et 



al. (US 7,020,464 B2, hereafter "Bahl"). 
As per ClaimlO , Joseph teaches: 

A method for maintaining secure network connections, the method comprising: 
duplicating [see for example, col. 2, lines 24-61], at a third network element, a security association 
associated with a secure network connection between a first network element and a second 
network element [see FIG.1: where first (12), second (22), third (22') & (fourth=30) are disclosed], 
and in response to detecting failure of the second network element [claims 18 and 24], replacing 
the second network element with the third network element in the secure network connection with 
the first network element [see FIG.1 (network device 22' is back-up device) and FIG.2B; and for 
example, col.4, lines 58-67], wherein the secure network connection between the first network 



element and the third network element is based on the duplicated security association [see step 
118 in FIG.2B]. 
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Joseph fails to disclose wherein a lookup of the security association associated with the 
secure network connection is not dependent on any destination address; however, in analogous 
art, Bahl teaches a lookup of the security association associated with the secure network 
connection is not dependent on any destination address [see FIGS.4A-6: SA is not changed 
when mobile node changes old to new address (e.g., col.1 1 , lines 45-47)]. Therefore, it would 
have been obvious to a person having ordinary skill in the art at the time of applicant's invention 
was made to modify the system of Joseph by incorporating the teaching of Bahl in order to provide 
transparent session continuity [see at least abstract of Bahl]. 

As per Claims 1 1 and 20 , Joseph-Bahl combination teaches: 

The method according to claim 10 further comprising sending at least one secure 
message from the third network element to the first network element to notify the first network 
element that the secure network connection will be taken over by the third network element [see 
abstract and 'second communication' 34 in FIG.1 of Joseph]; and during life of the secure network 
connection between the first and second network elements, the third network element receiving 
information relating to the security association of the secure network connection from the second 
network element [see abstract and FIGS.1 and 2B of Joseph]. 

As per Claims 21 and 23 , Joseph teaches: 

The method of claim 10, the second and third network elements are security servers [see 
FIG.1; and for example, col. 3, lines 31-34]. Joseph does not teach the first network element as a 
mobile client. However, Bahl teaches a first network element as a mobile client [see 'mobile host' 
70 in FIG.1]. Therefore, it would have been obvious to a person having ordinary skill in the art at 
the time of applicant's invention was made to modify the system of Joseph by incorporating the 
mobile host of Bahl in order to handle network communications between mobile devices [see at 
least col.1, 9-13 of Bahl]. 



As per Claim 12 , Joseph teaches: 
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A method for maintaining secure network connections, the method comprising: 
configuring a plurality of security gateways (such that a lookup of security associations is not dependent 
on any destination address) [see abstract and FIGS.1 and 3-4: where network devices to be 
configured are disclosed]; and sharing a security association among the plurality of security 
gateways [see abstract and FIG.2B and 3-4; and for example, col. 2, lines 24-61]. 

Joseph fails to disclose wherein a lookup of the security association associated with the 
secure network connection is not dependent on any destination address; however, in analogous 
art, Bahl teaches a lookup of the security association associated with the secure network 
connection is not dependent on any destination address [see FIGS.4A-6: SA is not changed 
when mobile node changes old to new address (e.g., col.1 1 , lines 45-47)]. Therefore, it would 
have been obvious to a person having ordinary skill in the art at the time of applicant's invention 
was made to modify the system of Joseph by incorporating the teaching of Bahl in order to provide 
transparent session continuity [see at least abstract of Bahl]. 

As per Claim 25 , Joseph-Bahl combination teaches: 

The method of claim 12, wherein sharing the security association comprises sharing an 
IPsec security association among the plurality of security gateways [see FIGS. 3-4 and step 204 in 
FIG.5A of Joseph: where security information (IPsec) is disclosed]. 

As per Claims 14 and 22 , Joseph teaches: 

A first security server comprising: a transceiver to receive information relating to at least 
one security association of a secure network connection between a (mobile) client and a second 
security server [see abstract; FIGS.1 and 3-4, connection status based on SA is transmitted]; and 
a processor module to: monitor operation of the second security server [see abstract and FIGS.1 
and 3-4, network connection is monitored for failure]; in response to detecting failure of the 
second security server [claims 18 and 24], send a message to the (mobile) client that the first 
security server is taking over the secure network connection [see FIG.1 (network device 22' is 
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back-up device) and FIG.2B; and for example, col.4, lines 58-67]; and communicate with the 
(mobile) client using the at least one security association over the secure network connection 
between the first security server and the (mobile) client [see step 1 18 in FIG.2B]. 

Joseph fails to disclose mobile client and a lookup of the security association associated 
with the secure network connection is not dependent on any destination address; however, in 
analogous art, Bahl teaches a mobile client [see 'mobile host' 70 in FIG.1] and lookup of the 
security association associated with the secure network connection is not dependent on any 
destination address [see FIGS.4A-6: SA is not changed when mobile node changes old to new 
address (e.g., col.1 1, lines 45-47)]. Therefore, it would have been obvious to a person having 
ordinary skill in the art at the time of applicant's invention was made to modify the system of 
Joseph by incorporating the teaching of Bahl in order to provide transparent session continuity of 
mobile communications [see at least abstract of Bahl]. 

As per Claims 17 , Joseph-Bahl combination teaches: 

The first security server according to claim 22, wherein communications between the 
mobile client [see 'mobile host' 70 in FIG.1] and the first security server are based on a security 
architecture for the internet protocol (IPsec) [see FIGS. 3-4 and step 204 in FIG.5A of Joseph: 
where security information (IPsec) is disclosed]. 

The same motivation used with respect to claim 22 above is used, because the 
secondary reference is applied to map the same limitation (i.e., mobile client). 

As per Claim 24 , Joseph-Bahl combination teaches: 

The first security server of claim 22, wherein information relating to the at least one 
security association is duplicated at the first and second security servers [see for example, col.2, 
lines 24-61 of Joseph]. 
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Response to Arguments 
4. Applicant's arguments with respect to the pending claims have been considered but are 
moot in view of the new ground(s) of rejection. 
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